python-jenkins-developers team mailing list archive

Thread
Date

[Bug 1837415] Re: Retain session id for subsequent requests

To: python-jenkins-developers@xxxxxxxxxxxxxxxxxxx
From: Pascal Hofmann <1837415@xxxxxxxxxxxxxxxxxx>
Date: Mon, 22 Jul 2019 15:13:09 -0000
Reply-to: Bug 1837415 <1837415@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Session id seems to be sent in response header X-Jenkins-Session

-- 
You received this bug notification because you are a member of Python
Jenkins Developers, which is subscribed to Python Jenkins.
https://bugs.launchpad.net/bugs/1837415

Title:
  Retain session id for subsequent requests

Status in Python Jenkins:
  New

Bug description:
  Starting with Jenkins version 2.176.2 CSRF tokens will now also check
  the web session ID to confirm they were created in the same session.
  This fix impacts python-jenkins because it obtains a crumb from the
  crumb issuer API. python-jenkins needs to be updated to retain the
  session ID for subsequent requests. For further information, see
  https://jenkins.io/doc/upgrade-guide/2.176/#SECURITY-626

To manage notifications about this bug go to:
https://bugs.launchpad.net/python-jenkins/+bug/1837415/+subscriptions

References

[Bug 1837415] [NEW] Retain session id for subsequent requests
From: Pascal Hofmann, 2019-07-22